| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-27666 |
787 |
|
Overflow |
2022-03-23 |
2022-05-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. |
|
2 |
CVE-2022-27652 |
276 |
|
|
2022-04-18 |
2022-04-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. |
|
3 |
CVE-2022-27651 |
276 |
|
|
2022-04-04 |
2022-05-07 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. |
|
4 |
CVE-2022-23645 |
125 |
|
|
2022-02-18 |
2022-03-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. |
|
5 |
CVE-2022-21682 |
22 |
|
Dir. Trav. |
2022-01-13 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`. |
|
6 |
CVE-2022-1466 |
863 |
|
|
2022-04-26 |
2022-05-06 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. |
|
7 |
CVE-2022-1353 |
|
|
+Priv +Info |
2022-04-29 |
2022-05-11 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. |
|
8 |
CVE-2022-1280 |
416 |
|
DoS +Info |
2022-04-13 |
2022-04-20 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
None |
Partial |
|
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. |
|
9 |
CVE-2022-1055 |
416 |
|
+Priv |
2022-03-29 |
2022-05-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 |
|
10 |
CVE-2022-0996 |
613 |
|
|
2022-03-23 |
2022-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. |
|
11 |
CVE-2022-0984 |
863 |
|
|
2022-04-29 |
2022-05-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. |
|
12 |
CVE-2022-0918 |
|
|
DoS |
2022-03-16 |
2022-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. |
|
13 |
CVE-2022-0897 |
667 |
|
|
2022-03-25 |
2022-05-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). |
|
14 |
CVE-2022-0866 |
863 |
|
|
2022-05-10 |
2022-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled. |
|
15 |
CVE-2022-0853 |
401 |
|
+Info |
2022-03-11 |
2022-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. |
|
16 |
CVE-2022-0711 |
835 |
|
DoS |
2022-03-02 |
2022-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. |
|
17 |
CVE-2022-0561 |
476 |
|
DoS |
2022-02-11 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. |
|
18 |
CVE-2022-0552 |
444 |
|
|
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11. |
|
19 |
CVE-2022-0532 |
732 |
|
|
2022-02-09 |
2022-02-22 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
None |
Partial |
|
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. |
|
20 |
CVE-2022-0530 |
|
|
Exec Code |
2022-02-09 |
2022-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |
|
21 |
CVE-2022-0529 |
787 |
|
Exec Code |
2022-02-09 |
2022-05-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |
|
22 |
CVE-2022-0516 |
|
|
|
2022-03-10 |
2022-03-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. |
|
23 |
CVE-2022-0492 |
287 |
|
Bypass |
2022-03-03 |
2022-05-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. |
|
24 |
CVE-2022-0487 |
416 |
|
|
2022-02-04 |
2022-04-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. |
|
25 |
CVE-2022-0330 |
281 |
|
|
2022-03-25 |
2022-04-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. |
|
26 |
CVE-2021-44733 |
416 |
|
|
2021-12-22 |
2022-04-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. |
|
27 |
CVE-2021-44141 |
59 |
|
|
2022-02-21 |
2022-02-23 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. |
|
28 |
CVE-2021-43389 |
125 |
|
|
2021-11-04 |
2022-04-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. |
|
29 |
CVE-2021-42781 |
787 |
|
Overflow |
2022-04-18 |
2022-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. |
|
30 |
CVE-2021-42780 |
252 |
|
|
2022-04-18 |
2022-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. |
|
31 |
CVE-2021-42779 |
416 |
|
|
2022-04-18 |
2022-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. |
|
32 |
CVE-2021-42778 |
672 |
|
|
2022-04-18 |
2022-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. |
|
33 |
CVE-2021-41819 |
565 |
|
|
2022-01-01 |
2022-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. |
|
34 |
CVE-2021-41817 |
|
|
DoS |
2022-01-01 |
2022-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. |
|
35 |
CVE-2021-40153 |
22 |
|
Dir. Trav. |
2021-08-27 |
2021-10-07 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. |
|
36 |
CVE-2021-32672 |
125 |
|
|
2021-10-04 |
2022-05-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. |
|
37 |
CVE-2021-32029 |
200 |
|
+Info |
2021-10-08 |
2021-12-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. |
|
38 |
CVE-2021-31918 |
200 |
|
+Info |
2021-05-06 |
2021-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. |
|
39 |
CVE-2021-30501 |
20 |
|
DoS |
2021-05-27 |
2021-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. |
|
40 |
CVE-2021-30471 |
674 |
|
Overflow |
2021-05-26 |
2021-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. |
|
41 |
CVE-2021-30470 |
674 |
|
Overflow |
2021-05-26 |
2021-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. |
|
42 |
CVE-2021-30469 |
416 |
|
DoS |
2021-05-26 |
2021-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. |
|
43 |
CVE-2021-23214 |
89 |
|
Sql |
2022-03-04 |
2022-03-15 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. |
|
44 |
CVE-2021-20324 |
384 |
|
|
2022-04-18 |
2022-04-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. |
|
45 |
CVE-2021-20323 |
79 |
|
XSS |
2022-03-25 |
2022-03-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. |
|
46 |
CVE-2021-20321 |
362 |
|
|
2022-02-18 |
2022-05-11 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. |
|
47 |
CVE-2021-20320 |
200 |
|
+Info |
2022-02-18 |
2022-03-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. |
|
48 |
CVE-2021-20306 |
863 |
|
|
2021-06-01 |
2021-09-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. |
|
49 |
CVE-2021-20297 |
20 |
|
|
2021-05-26 |
2021-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. |
|
50 |
CVE-2021-20293 |
79 |
|
XSS |
2021-06-10 |
2021-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity. |
