| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-34709 |
|
|
Bypass |
2022-08-09 |
2022-08-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Defender Credential Guard Security Feature Bypass Vulnerability. |
|
2 |
CVE-2022-33649 |
|
|
Bypass |
2022-08-09 |
2022-08-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. |
|
3 |
CVE-2022-33632 |
863 |
|
Bypass |
2022-07-12 |
2022-07-20 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
Microsoft Office Security Feature Bypass Vulnerability. |
|
4 |
CVE-2022-33631 |
|
|
Bypass |
2022-08-09 |
2022-08-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Microsoft Excel Security Feature Bypass Vulnerability. |
|
5 |
CVE-2022-30203 |
|
|
Bypass |
2022-07-12 |
2022-07-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows Boot Manager Security Feature Bypass Vulnerability. |
|
6 |
CVE-2022-30164 |
863 |
|
Bypass |
2022-06-15 |
2022-07-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Kerberos AppContainer Security Feature Bypass Vulnerability. |
|
7 |
CVE-2022-29246 |
120 |
|
Exec Code Overflow Bypass |
2022-05-24 |
2022-06-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected. |
|
8 |
CVE-2022-29127 |
|
|
Bypass |
2022-05-10 |
2022-05-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
BitLocker Security Feature Bypass Vulnerability. |
|
9 |
CVE-2022-29107 |
863 |
|
Bypass |
2022-05-10 |
2022-05-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Office Security Feature Bypass Vulnerability. |
|
10 |
CVE-2022-26913 |
863 |
|
Bypass |
2022-05-10 |
2022-05-23 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Windows Authentication Security Feature Bypass Vulnerability. |
|
11 |
CVE-2022-24502 |
|
|
Bypass |
2022-03-09 |
2022-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Windows HTML Platforms Security Feature Bypass Vulnerability. |
|
12 |
CVE-2022-24466 |
863 |
|
Bypass |
2022-05-10 |
2022-05-26 |
2.3 |
None |
Local Network |
Medium |
??? |
None |
Partial |
None |
|
Windows Hyper-V Security Feature Bypass Vulnerability. |
|
13 |
CVE-2022-24465 |
|
|
Bypass |
2022-03-09 |
2022-03-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. |
|
14 |
CVE-2022-24462 |
|
|
Bypass |
2022-03-09 |
2022-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Microsoft Word Security Feature Bypass Vulnerability. |
|
15 |
CVE-2022-23280 |
|
|
Bypass |
2022-02-09 |
2022-02-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Outlook for Mac Security Feature Bypass Vulnerability. |
|
16 |
CVE-2022-23255 |
863 |
|
Bypass |
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft OneDrive for Android Security Feature Bypass Vulnerability. |
|
17 |
CVE-2022-22048 |
863 |
|
Bypass |
2022-07-12 |
2022-07-19 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
Complete |
None |
|
BitLocker Security Feature Bypass Vulnerability. |
|
18 |
CVE-2022-22023 |
|
|
Bypass |
2022-07-12 |
2022-07-16 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. |
|
19 |
CVE-2022-21968 |
287 |
|
Bypass |
2022-02-09 |
2022-02-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Microsoft SharePoint Server Security Feature BypassVulnerability. |
|
20 |
CVE-2022-21925 |
|
|
Bypass |
2022-01-11 |
2022-01-21 |
5.4 |
None |
Remote |
High |
Not required |
Complete |
None |
None |
|
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability. |
|
21 |
CVE-2022-21924 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
5.4 |
None |
Remote |
High |
Not required |
Complete |
None |
None |
|
Workstation Service Remote Protocol Security Feature Bypass Vulnerability. |
|
22 |
CVE-2022-21921 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Windows Defender Credential Guard Security Feature Bypass Vulnerability. |
|
23 |
CVE-2022-21913 |
863 |
|
Bypass |
2022-01-11 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. |
|
24 |
CVE-2022-21906 |
|
|
Bypass |
2022-01-11 |
2022-08-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Windows Defender Application Control Security Feature Bypass Vulnerability. |
|
25 |
CVE-2022-21905 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
4.9 |
None |
Local Network |
Medium |
??? |
Partial |
Partial |
Partial |
|
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21900. |
|
26 |
CVE-2022-21900 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
3.8 |
None |
Local Network |
Medium |
??? |
None |
Partial |
Partial |
|
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905. |
|
27 |
CVE-2022-21899 |
863 |
|
Bypass |
2022-01-11 |
2022-01-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability. |
|
28 |
CVE-2022-21894 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
Secure Boot Security Feature Bypass Vulnerability. |
|
29 |
CVE-2021-42292 |
|
|
Bypass |
2021-11-10 |
2022-07-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Excel Security Feature Bypass Vulnerability |
|
30 |
CVE-2021-42288 |
|
|
Bypass |
2021-11-10 |
2022-07-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Windows Hello Security Feature Bypass Vulnerability |
|
31 |
CVE-2021-41363 |
|
|
Bypass |
2021-10-13 |
2021-10-19 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Intune Management Extension Security Feature Bypass Vulnerability |
|
32 |
CVE-2021-41346 |
|
|
Bypass |
2021-10-13 |
2021-10-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Console Window Host Security Feature Bypass Vulnerability |
|
33 |
CVE-2021-41338 |
|
|
Bypass |
2021-10-13 |
2021-10-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability |
|
34 |
CVE-2021-41337 |
|
|
Bypass |
2021-10-13 |
2021-10-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Active Directory Security Feature Bypass Vulnerability |
|
35 |
CVE-2021-40460 |
|
|
Bypass |
2021-10-13 |
2022-05-23 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability |
|
36 |
CVE-2021-40456 |
|
|
Bypass |
2021-10-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Windows AD FS Security Feature Bypass Vulnerability |
|
37 |
CVE-2021-38632 |
|
|
Bypass |
2021-09-15 |
2021-09-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
BitLocker Security Feature Bypass Vulnerability |
|
38 |
CVE-2021-38624 |
639 |
|
Bypass |
2021-09-15 |
2021-09-27 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Windows Key Storage Provider Security Feature Bypass Vulnerability |
|
39 |
CVE-2021-36949 |
287 |
|
Bypass |
2021-08-12 |
2021-08-20 |
4.9 |
None |
Local Network |
Medium |
??? |
Partial |
Partial |
Partial |
|
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability |
|
40 |
CVE-2021-34469 |
|
|
Bypass |
2021-07-14 |
2022-07-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Office Security Feature Bypass Vulnerability |
|
41 |
CVE-2021-34466 |
290 |
|
Bypass |
2021-07-16 |
2022-07-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Windows Hello Security Feature Bypass Vulnerability |
|
42 |
CVE-2021-34446 |
|
|
Bypass |
2021-07-16 |
2021-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Windows HTML Platforms Security Feature Bypass Vulnerability |
|
43 |
CVE-2021-33786 |
|
|
Bypass |
2021-07-14 |
2022-07-12 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Windows LSA Security Feature Bypass Vulnerability |
|
44 |
CVE-2021-33781 |
|
|
Bypass |
2021-07-14 |
2021-07-17 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Azure AD Security Feature Bypass Vulnerability |
|
45 |
CVE-2021-33779 |
|
|
Bypass |
2021-07-14 |
2021-07-17 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Windows ADFS Security Feature Bypass Vulnerability |
|
46 |
CVE-2021-33757 |
|
|
Bypass |
2021-07-14 |
2021-07-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability |
|
47 |
CVE-2021-33744 |
|
|
Bypass |
2021-07-14 |
2022-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
|
48 |
CVE-2021-31971 |
|
|
Bypass |
2021-06-08 |
2021-06-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Windows HTML Platform Security Feature Bypass Vulnerability |
|
49 |
CVE-2021-31970 |
|
|
Bypass |
2021-06-08 |
2021-09-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows TCP/IP Driver Security Feature Bypass Vulnerability |
|
50 |
CVE-2021-31962 |
|
|
Bypass |
2021-06-08 |
2022-05-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Kerberos AppContainer Security Feature Bypass Vulnerability |
