Latest-state board for filtered MSRC CVEs from 2020-01-01 to today, tuned for fast triage across module, CWE, release window, exploitation signal, and acknowledgement context.
| CVE | Module | CWE | Title Advisory text and compact technical context | Release | Exploited | Acknowledgement |
|---|---|---|---|---|---|---|
| CVE-2022-21999 |
Windows Print Spooler
|
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of Sangfor Via Tianfu CUP
Oliver Lyak with Institut For Cyber Risk |
|
| CVE-2022-21997 |
Windows Print Spooler
|
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
|
|
| CVE-2022-21992 |
Windows Mobile Device Management
|
Windows Mobile Device Management Remote Code Execution Vulnerability
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
|
|
| CVE-2022-21989 |
Windows Kernel
|
Windows Kernel Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Anonymous
|
|
| CVE-2022-22712 |
Windows Hyper-V
|
Windows Hyper-V Denial of Service Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
rezer0dai with Tutti Frutti
|
|
| CVE-2022-21995 |
Windows Hyper-V
|
Windows Hyper-V Remote Code Execution Vulnerability
CVSS vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
rezer0dai with EatingFigs ENooPig
|
|
| CVE-2022-21994 |
Windows DWM Core Library
|
Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No | ||
| CVE-2022-21984 |
Windows DNS Server
|
Windows DNS Server Remote Code Execution Vulnerability
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Microsoft Offensive Research & Security Engineering (MORSE)
|
|
| CVE-2022-22710 |
Windows Common Log File System Driver
|
Windows Common Log File System Driver Denial of Service Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
RyeLv(@b2ahex) of Tencent
|
|
| CVE-2022-22000 |
Windows Common Log File System Driver
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Kunlun Lab via TianfuCup
|
|
| CVE-2022-21998 |
Windows Common Log File System Driver
|
Windows Common Log File System Driver Information Disclosure Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Anonymous
|
|
| CVE-2022-21981 |
Windows Common Log File System Driver
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
|
|
| CVE-2022-21996 |
Win32k
|
Win32k Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
bee13oy with Cyber Kunlun Lab
|
|
| CVE-2022-21974 |
Roaming Security Rights Management Services
|
Roaming Security Rights Management Services Remote Code Execution Vulnerability
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
|
|
| CVE-2022-22715 |
Named Pipe File System
|
Named Pipe File System Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Kunlun lab (https://www.cyberkl.com) via TianfuCup (https://www.tianfucup.com)
|
|
| CVE-2022-21965 |
Microsoft Teams
|
Microsoft Teams Denial of Service Vulnerability
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Frank Cozijnsen of the KPN REDteam
|
|
| CVE-2022-23254 |
Microsoft Power BI
|
Microsoft Power BI Information Disclosure Vulnerability
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
|
2022-02-08 | No | - | |
| CVE-2022-21927 |
HEVC Video Extensions
|
HEVC Video Extensions Remote Code Execution Vulnerability
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Dhanesh Kizhakkinan with Mandiant
|
|
| CVE-2022-21926 |
HEVC Video Extensions
|
HEVC Video Extensions Remote Code Execution Vulnerability
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Dhanesh Kizhakkinan with Mandiant
|
|
| CVE-2022-21844 |
HEVC Video Extensions
|
HEVC Video Extensions Remote Code Execution Vulnerability
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-02-08 | No |
Reported By
Dhanesh Kizhakkinan with Mandiant
|
| CVE | Module | CWE | Title Advisory text and compact technical context | Release | Exploited | Acknowledgement |
|---|---|---|---|---|---|---|
| CVE-2022-21341 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplie
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21340 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies da
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21294 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies da
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21293 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies da
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21299 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21365 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21360 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - | |
| CVE-2022-21349 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to the APIs. CVSS 3
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-26 | - | - |
| CVE | Module | CWE | Title Advisory text and compact technical context | Release | Exploited | Acknowledgement |
|---|---|---|---|---|---|---|
| CVE-2022-21313 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21323 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21357 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21355 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21333 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21331 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21325 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21324 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21321 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21319 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21317 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21312 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - | |
| CVE-2022-21311 |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial
|
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior 7.5.24 and prior 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
CVSS vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
|
2022-01-25 | - | - |
| CVE | Module | CWE | Title Advisory text and compact technical context | Release | Exploited | Acknowledgement |
|---|---|---|---|---|---|---|
| CVE-2022-21271 |
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial
|
Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to t
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
2022-01-22 | - | - |
| CVE | Module | CWE | Title Advisory text and compact technical context | Release | Exploited | Acknowledgement |
|---|---|---|---|---|---|---|
| CVE-2021-27135 |
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a
|
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
2022-01-19 | - | - |
| CVE | Module | CWE | Title Advisory text and compact technical context | Release | Exploited | Acknowledgement |
|---|---|---|---|---|---|---|
| CVE-2022-21834 |
Windows User-mode Driver Framework Reflector Driver
|
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-01-11 | No | - | |
| CVE-2022-21919 |
Windows User Profile Service
|
Windows User Profile Service Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
|
2022-01-11 | No | - | |
| CVE-2022-21895 |
Windows User Profile Service
|
Windows User Profile Service Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-01-11 | No |
Reported By
Qinrun Dai(@2st) of Singular Security Lab
Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
|
| CVE-2022-21864 |
Windows UI Immersive Server API
|
Windows UI Immersive Server API Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-01-11 | No | - | |
| CVE-2022-21866 |
Windows System Launcher
|
Windows System Launcher Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-01-11 | No | - | |
| CVE-2022-21875 |
Windows Storage
|
Windows Storage Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-01-11 | No | - | |
| CVE-2022-21863 |
Windows StateRepository API Server file
|
Windows StateRepository API Server file Elevation of Privilege Vulnerability
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
2022-01-11 | No | - |