# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-32990 |
755 |
|
DoS |
2022-06-24 |
2022-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). |
2 |
CVE-2022-31799 |
755 |
|
|
2022-06-02 |
2022-06-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Bottle before 0.12.20 mishandles errors during early request binding. |
3 |
CVE-2022-30727 |
755 |
|
|
2022-06-07 |
2022-06-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
4 |
CVE-2022-30725 |
755 |
|
|
2022-06-07 |
2022-06-11 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
5 |
CVE-2022-30724 |
755 |
|
|
2022-06-07 |
2022-06-11 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
6 |
CVE-2022-30723 |
755 |
|
|
2022-06-07 |
2022-06-11 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
7 |
CVE-2022-30716 |
755 |
|
|
2022-06-07 |
2022-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
8 |
CVE-2022-29617 |
755 |
|
|
2022-06-06 |
2022-06-14 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. |
9 |
CVE-2022-29017 |
755 |
|
|
2022-05-16 |
2022-05-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. |
10 |
CVE-2022-27872 |
755 |
|
Exec Code |
2022-06-21 |
2022-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code. |
11 |
CVE-2022-27841 |
755 |
|
|
2022-04-11 |
2022-04-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication |
12 |
CVE-2022-27167 |
755 |
|
|
2022-05-10 |
2022-05-18 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. |
13 |
CVE-2022-25795 |
755 |
|
Exec Code |
2022-04-13 |
2022-04-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A maliciously crafted PDF file can be used to dereference for a write beyond the allocated buffer while parsing PDFTron files. The vulnerability exists because the application fails to handle a crafted PDFTron file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. |
14 |
CVE-2022-24863 |
755 |
|
DoS |
2022-04-18 |
2022-04-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down to improper handling of http methods. Users are advised to upgrade. Users unable to upgrade may to restrict the path prefix to the "GET" method as a workaround. |
15 |
CVE-2022-24615 |
755 |
|
DoS |
2022-02-24 |
2022-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library. |
16 |
CVE-2022-24613 |
755 |
|
DoS |
2022-02-24 |
2022-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library. |
17 |
CVE-2022-23625 |
755 |
|
|
2022-03-11 |
2022-03-18 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, however the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. |
18 |
CVE-2022-23018 |
755 |
|
|
2022-01-25 |
2022-02-01 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
19 |
CVE-2022-22290 |
755 |
|
|
2022-01-14 |
2022-01-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. |
20 |
CVE-2022-22265 |
755 |
|
Exec Code |
2022-01-10 |
2022-01-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. |
21 |
CVE-2022-22177 |
755 |
|
DoS |
2022-01-19 |
2022-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. |
22 |
CVE-2022-22150 |
755 |
|
Exec Code Mem. Corr. |
2022-02-04 |
2022-06-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. |
23 |
CVE-2022-21814 |
755 |
|
DoS |
2022-02-07 |
2022-05-09 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. |
24 |
CVE-2022-21813 |
755 |
|
DoS |
2022-02-07 |
2022-06-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. |
25 |
CVE-2022-21667 |
755 |
|
|
2022-01-10 |
2022-01-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it's highly recommended to upgrade to the latest patch. There are no workarounds for this issue. |
26 |
CVE-2022-21218 |
755 |
|
|
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. |
27 |
CVE-2022-21155 |
755 |
|
|
2022-04-12 |
2022-04-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. |
28 |
CVE-2022-20678 |
755 |
|
DoS |
2022-04-15 |
2022-04-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. |
29 |
CVE-2022-20111 |
755 |
|
|
2022-05-03 |
2022-05-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. |
30 |
CVE-2022-20088 |
755 |
|
|
2022-05-03 |
2022-05-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. |
31 |
CVE-2022-20076 |
755 |
|
Mem. Corr. |
2022-04-11 |
2022-04-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. |
32 |
CVE-2022-20066 |
755 |
|
+Info |
2022-04-11 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729. |
33 |
CVE-2022-20057 |
755 |
|
Mem. Corr. |
2022-03-10 |
2022-03-17 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. |
34 |
CVE-2022-20042 |
755 |
|
|
2022-02-09 |
2022-02-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. |
35 |
CVE-2022-1965 |
755 |
|
|
2022-06-24 |
2022-07-01 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. |
36 |
CVE-2022-0264 |
755 |
|
|
2022-02-04 |
2022-02-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 |
37 |
CVE-2022-0023 |
755 |
|
|
2022-04-13 |
2022-04-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2. |
38 |
CVE-2022-0016 |
755 |
|
|
2022-02-10 |
2022-02-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. |
39 |
CVE-2021-43979 |
755 |
|
Bypass |
2021-11-17 |
2021-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent. |
40 |
CVE-2021-43827 |
755 |
|
|
2021-12-14 |
2021-12-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue. |
41 |
CVE-2021-43272 |
755 |
|
Exec Code |
2021-11-14 |
2021-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process. |
42 |
CVE-2021-43173 |
755 |
|
|
2021-11-09 |
2022-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all. |
43 |
CVE-2021-39659 |
755 |
|
DoS |
2022-01-14 |
2022-01-20 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659 |
44 |
CVE-2021-39242 |
755 |
|
|
2021-08-17 |
2021-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled. |
45 |
CVE-2021-39187 |
755 |
|
|
2021-09-02 |
2021-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. |
46 |
CVE-2021-39157 |
755 |
|
|
2021-08-24 |
2021-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue. |
47 |
CVE-2021-39131 |
755 |
|
|
2021-08-17 |
2021-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a `Buffer` using `Buffer.isBuffer(obj)`. |
48 |
CVE-2021-37851 |
755 |
|
|
2022-05-11 |
2022-05-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. |
49 |
CVE-2021-37786 |
755 |
|
DoS |
2021-09-27 |
2021-10-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code. |
50 |
CVE-2021-37175 |
755 |
|
|
2021-09-14 |
2021-09-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. |