Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21841 | 1 Microsoft | 2 365 Apps, Office | 2022-01-14 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. | |||||
| CVE-2021-45442 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 6.6 MEDIUM | 7.1 HIGH |
| A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-39985 | 1 Huawei | 1 Harmonyos | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2018-1000613 | 4 Bouncycastle, Netapp, Opensuse and 1 more | 24 Legion-of-the-bouncy-castle-java-crytography-api, Oncommand Workflow Automation, Leap and 21 more | 2022-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | |||||
| CVE-2021-34087 | 1 Ultimaker | 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more | 2022-01-14 | 6.8 MEDIUM | 7.1 HIGH |
| In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page. | |||||
| CVE-2021-45440 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 7.2 HIGH | 7.8 HIGH |
| A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-34086 | 1 Ultimaker | 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more | 2022-01-14 | 6.8 MEDIUM | 8.8 HIGH |
| In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests. | |||||
| CVE-2021-44024 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 6.6 MEDIUM | 7.1 HIGH |
| A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2022-01-14 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | |||||
| CVE-2021-40566 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-40565 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-40564 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-40563 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-40562 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service. | |||||
| CVE-2021-40559 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service. | |||||
| CVE-2021-45856 | 1 Accu-time | 2 Maximus, Maximus Firmware | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash | |||||
| CVE-2022-21839 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2022-01-13 | 2.1 LOW | 5.5 MEDIUM |
| Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability. | |||||
| CVE-2022-21837 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2022-01-13 | 9.0 HIGH | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. | |||||
| CVE-2021-43850 | 1 Discourse | 1 Discourse | 2022-01-13 | 4.0 MEDIUM | 6.8 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist. | |||||
| CVE-2021-43832 | 1 Linuxfoundation | 1 Spinnaker | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users haven't setup Role-based access control (RBAC) with-in spinnaker, this enables remote execution and access to deploy almost any resources on any account. Patches are available on the latest releases of the supported branches and users are advised to upgrade as soon as possible. Users unable to upgrade should enable RBAC on ALL accounts and applications. This mitigates the ability of a pipeline to affect any accounts. Block application access unless permission are enabled. Users should make sure ALL application creation is restricted via appropriate wildcards. | |||||