CVE Vulnerability Database

Search and browse 111 known security vulnerabilities. Filter by severity, vendor, product, and year.

111 vulnerabilities found
CVE-2022-0715
9.1 critical

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040

Schneider-Electric Smt Series 1015 Ups Firmware Mar 9, 2022
CVE-2022-24512
6.3 medium

.NET and Visual Studio Remote Code Execution Vulnerability

Microsoft .Net Mar 9, 2022
CVE-2022-24511
5.5 medium

Microsoft Office Word Tampering Vulnerability

Microsoft 365 Apps Mar 9, 2022
CVE-2022-24510
7.8 high

Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft 365 Apps Mar 9, 2022
CVE-2022-24509
7.8 high

Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft 365 Apps Mar 9, 2022
CVE-2022-24464
7.5 high

.NET and Visual Studio Denial of Service Vulnerability

Microsoft .Net Mar 9, 2022
CVE-2022-24501
7.8 high

VP9 Video Extensions Remote Code Execution Vulnerability

Microsoft Vp9 Video Extensions Mar 9, 2022
CVE-2022-24462
5.5 medium

Microsoft Word Security Feature Bypass Vulnerability

Microsoft 365 Apps Mar 9, 2022
CVE-2022-24461
7.8 high

Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft 365 Apps Mar 9, 2022
CVE-2022-24457
7.8 high

HEIF Image Extensions Remote Code Execution Vulnerability

Microsoft Heif Image Extension Mar 9, 2022
CVE-2022-24451
7.8 high

VP9 Video Extensions Remote Code Execution Vulnerability

Microsoft Vp9 Video Extensions Mar 9, 2022
CVE-2022-23282
7.8 high

Paint 3D Remote Code Execution Vulnerability

Microsoft Paint 3D Mar 9, 2022
CVE-2022-0492
7.8 high

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. Under certain circumstances, this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation.

Netapp H300S Firmware Mar 3, 2022
CVE-2021-43619
7.8 high

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

Trustedfirmware Trusted Firmware-M Mar 1, 2022
CVE-2021-22788
7.5 high

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXN

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2021-22787
7.5 high

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communic

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2021-22785
7.5 high

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends an HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X8

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2022-22709
7.8 high

VP9 Video Extensions Remote Code Execution Vulnerability

Microsoft Vp9 Video Extensions Feb 9, 2022
CVE-2020-7534
8.8 high

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with

Schneider-Electric Modicon M340 Bmxp342020 Firmware Feb 4, 2022
CVE-2020-8562
2.2 low

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS

Kubernetes Kubernetes Feb 1, 2022
CVE-2022-21366
5.3 medium

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticat

Oracle Graalvm Jan 19, 2022
CVE-2022-21360
5.3 medium

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows

Oracle Graalvm Jan 19, 2022
CVE-2022-21341
5.3 medium

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability

Oracle Graalvm Jan 19, 2022
CVE-2022-21340
5.3 medium

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allo

Oracle Graalvm Jan 19, 2022