CVE Vulnerability Database

Search and browse 61 known security vulnerabilities. Filter by severity, vendor, product, and year.

61 vulnerabilities found
Recent Highest Score Oldest
Severity: High × Year: 2022 × Clear all
CVE-2022-24451
7.8 high

VP9 Video Extensions Remote Code Execution Vulnerability

Microsoft Vp9 Video Extensions Mar 9, 2022
CVE-2022-23282
7.8 high

Paint 3D Remote Code Execution Vulnerability

Microsoft Paint 3D Mar 9, 2022
CVE-2022-0492
7.8 high

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Netapp H300S Firmware Mar 3, 2022
CVE-2021-43619
7.8 high

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

Trustedfirmware Trusted Firmware-M Mar 1, 2022
CVE-2021-22788
7.5 high

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXN

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2021-22787
7.5 high

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communic

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2021-22785
7.5 high

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X8

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2022-22709
7.8 high

VP9 Video Extensions Remote Code Execution Vulnerability

Microsoft Vp9 Video Extensions Feb 9, 2022
CVE-2020-7534
8.8 high

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 4, 2022
CVE-2022-23307
8.8 high

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Apache Chainsaw Jan 18, 2022
CVE-2022-23302
8.8 high

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configurat

Apache Log4J Jan 18, 2022
CVE-2022-21841
7.8 high

Microsoft Excel Remote Code Execution Vulnerability

Microsoft 365 Apps Jan 11, 2022
CVE-2022-21840
8.8 high

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Jan 11, 2022