Total
8212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45051 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-01-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-45052 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-01-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-39032 | 2 Ibm, Microsoft | 2 Sterling Gentran, Windows | 2022-01-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. | |||||
| CVE-2021-38931 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. | |||||
| CVE-2021-39002 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2021-29678 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2022-01-21 | 5.5 MEDIUM | 8.7 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914. | |||||
| CVE-2022-0014 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2022-01-19 | 6.9 MEDIUM | 7.3 HIGH |
| An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | |||||
| CVE-2022-0013 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2022-01-19 | 2.1 LOW | 5.5 MEDIUM |
| A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | |||||
| CVE-2022-0012 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2. | |||||
| CVE-2021-45059 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-01-15 | 4.3 MEDIUM | 3.3 LOW |
| Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-45054 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-01-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-45442 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 6.6 MEDIUM | 7.1 HIGH |
| A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-45440 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 7.2 HIGH | 7.8 HIGH |
| A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-44024 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 6.6 MEDIUM | 7.1 HIGH |
| A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-7878 | 2 4nb, Microsoft | 2 Videooffice, Windows | 2022-01-12 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. | |||||
| CVE-2020-7883 | 2 Microsoft, Wowsoft | 2 Windows, Printchaser | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2021-45884 | 4 Apple, Brave, Linux and 1 more | 4 Macos, Brave, Linux Kernel and 1 more | 2022-01-07 | 4.3 MEDIUM | 7.5 HIGH |
| In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. | |||||
| CVE-2021-23175 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2022-01-07 | 4.4 MEDIUM | 8.2 HIGH |
| NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. | |||||
| CVE-2021-42808 | 2 Microsoft, Thalesgroup | 2 Windows, Sentinel Protection Installer | 2022-01-04 | 7.2 HIGH | 6.7 MEDIUM |
| Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | |||||
| CVE-2021-42809 | 2 Microsoft, Thalesgroup | 2 Windows, Sentinel Protection Installer | 2022-01-04 | 6.9 MEDIUM | 7.8 HIGH |
| Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | |||||