Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12934 | 2022-01-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-12918 | 2022-01-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-12908 | 2022-01-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-12907 | 2022-01-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2022-22267 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 3.3 LOW |
| Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | |||||
| CVE-2022-22266 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 3.3 LOW |
| (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | |||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2022-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-22264 | 1 Google | 1 Android | 2022-01-14 | 3.6 LOW | 7.1 HIGH |
| Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. | |||||
| CVE-2022-22263 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
| CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2021-44564 | 1 Kalkitech | 40 Sync2000-m1, Sync2000-m1 Firmware, Sync2000-m2 and 37 more | 2022-01-14 | 6.8 MEDIUM | 8.1 HIGH |
| A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | |||||
| CVE-2022-21842 | 1 Microsoft | 2 Sharepoint Enterprise Server, Word | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability. | |||||
| CVE-2022-21840 | 1 Microsoft | 6 Excel, Office, Office Online Server and 3 more | 2022-01-14 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability. | |||||
| CVE-2022-21667 | 1 Soketi Project | 1 Soketi | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it's highly recommended to upgrade to the latest patch. There are no workarounds for this issue. | |||||
| CVE-2021-39993 | 1 Huawei | 2 Emui, Magic Ui | 2022-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-30360 | 1 Checkpoint | 1 Endpoint Security | 2022-01-14 | 7.2 HIGH | 7.8 HIGH |
| Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. | |||||
| CVE-2021-41767 | 1 Apache | 1 Guacamole | 2022-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection. | |||||
| CVE-2021-40576 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service. | |||||
| CVE-2021-40575 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566. | |||||
| CVE-2021-40574 | 1 Gpac | 1 Gpac | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||