| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-31030 | 400 | | | 2022-06-09 | 2022-11-29 | 2.1 | None | Local | Low | Not required | None | None | Partial |
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. |
| 2 | CVE-2022-29900 | 200 | | Exec Code +Info | 2022-07-12 | 2022-10-26 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. |
| 3 | CVE-2022-28389 | 415 | | | 2022-04-03 | 2023-01-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. |
| 4 | CVE-2022-28388 | 415 | | | 2022-04-03 | 2023-01-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. |
| 5 | CVE-2022-24919 | 79 | | Exec Code XSS CSRF | 2022-03-09 | 2023-02-22 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
| 6 | CVE-2022-24918 | 79 | | Exec Code XSS CSRF | 2022-03-09 | 2023-02-22 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
| 7 | CVE-2022-24917 | 79 | | Exec Code XSS CSRF | 2022-03-09 | 2023-02-22 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
| 8 | CVE-2022-24736 | 476 | | | 2022-04-27 | 2022-10-07 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. |
| 9 | CVE-2022-24349 | 79 | | XSS | 2022-03-09 | 2023-02-22 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. |
| 10 | CVE-2022-24130 | 120 | | Overflow | 2022-01-31 | 2022-08-19 | 2.6 | None | Remote | High | Not required | None | None | Partial |
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. |
| 11 | CVE-2022-23825 | 668 | | | 2022-07-14 | 2023-01-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. |
| 12 | CVE-2022-23645 | 125 | | | 2022-02-18 | 2022-03-07 | 2.1 | None | Local | Low | Not required | None | None | Partial |
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. |
| 13 | CVE-2022-23034 | 191 | | | 2022-01-25 | 2022-08-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. |
| 14 | CVE-2022-21702 | 79 | | XSS | 2022-02-08 | 2022-09-10 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. |
| 15 | CVE-2022-21166 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 16 | CVE-2022-21125 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 17 | CVE-2022-21123 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 18 | CVE-2022-0322 | 704 | | DoS | 2022-03-25 | 2023-02-02 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). |
| 19 | CVE-2021-46668 | 400 | | | 2022-02-01 | 2022-09-10 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. |
| 20 | CVE-2021-46667 | 190 | | Overflow | 2022-02-01 | 2022-09-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. |
| 21 | CVE-2021-46665 | | | | 2022-02-01 | 2022-09-10 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. |
| 22 | CVE-2021-46664 | 476 | | | 2022-02-01 | 2022-06-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. |
| 23 | CVE-2021-46663 | | | | 2022-02-01 | 2022-06-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. |
| 24 | CVE-2021-46661 | | | | 2022-02-01 | 2022-06-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). |
| 25 | CVE-2021-46659 | | | | 2022-01-29 | 2022-06-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. |
| 26 | CVE-2021-44647 | 843 | | DoS | 2022-01-11 | 2022-05-13 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. |
| 27 | CVE-2021-43976 | | | DoS | 2021-11-17 | 2023-02-24 | 2.1 | None | Local | Low | Not required | None | None | Partial |
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
| 28 | CVE-2021-42373 | 476 | | DoS | 2021-11-15 | 2022-03-31 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given |
| 29 | CVE-2021-40530 | 327 | | | 2021-09-06 | 2021-10-18 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
| 30 | CVE-2021-40529 | 327 | | | 2021-09-06 | 2022-12-09 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
| 31 | CVE-2021-38165 | 522 | | | 2021-08-07 | 2021-12-02 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. |
| 32 | CVE-2021-36087 | 125 | | | 2021-07-01 | 2021-11-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. |
| 33 | CVE-2021-36086 | 416 | | | 2021-07-01 | 2021-11-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). |
| 34 | CVE-2021-36085 | 416 | | | 2021-07-01 | 2021-11-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). |
| 35 | CVE-2021-36084 | 416 | | | 2021-07-01 | 2021-11-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). |
| 36 | CVE-2021-35588 | | | DoS | 2021-10-20 | 2022-09-23 | 2.6 | None | Remote | High | Not required | None | None | Partial |
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). |
| 37 | CVE-2021-35477 | 203 | | Bypass +Info | 2021-08-02 | 2021-11-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. |
| 38 | CVE-2021-34558 | 295 | | | 2021-07-15 | 2022-08-04 | 2.6 | None | Remote | High | Not required | None | None | Partial |
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. |
| 39 | CVE-2021-34557 | 120 | | Overflow Bypass | 2021-06-10 | 2021-09-21 | 2.1 | None | Local | Low | Not required | None | None | Partial |
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. |
| 40 | CVE-2021-34556 | 203 | | Bypass +Info | 2021-08-02 | 2021-12-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. |
| 41 | CVE-2021-32680 | 778 | | | 2021-07-12 | 2022-10-26 | 2.1 | None | Local | Low | Not required | None | Partial | None |
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. |
| 42 | CVE-2021-31829 | 863 | | | 2021-05-06 | 2022-01-01 | 2.1 | None | Local | Low | Not required | Partial | None | None |
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. |
| 43 | CVE-2021-31525 | 674 | | DoS | 2021-05-27 | 2022-11-09 | 2.6 | None | Remote | High | Not required | None | None | Partial |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. |
| 44 | CVE-2021-30178 | 476 | | | 2021-04-07 | 2021-06-04 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. |
| 45 | CVE-2021-29647 | 909 | | +Info | 2021-03-30 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. |
| 46 | CVE-2021-29646 | | | | 2021-03-30 | 2021-04-05 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. |
| 47 | CVE-2021-29473 | 125 | | DoS | 2021-04-26 | 2021-09-21 | 2.6 | None | Remote | High | Not required | None | None | Partial |
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security. |
| 48 | CVE-2021-29157 | 22 | | Dir. Trav. | 2021-06-28 | 2021-09-20 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. |
| 49 | CVE-2021-29155 | 125 | | +Info | 2021-04-20 | 2022-04-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. |
| 50 | CVE-2021-28950 | 834 | | | 2021-03-20 | 2022-05-13 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. |