Skip to main content
CVE-2022-29107 MEDIUM PATCH This Month

Microsoft Office Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Office Office Long Term Servicing Channel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
7.7%
CVE-2022-29151 HIGH PATCH This Week

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-29150 HIGH PATCH This Week

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-29142 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2019 +1
NVD
CVSS 3.1
7.0
EPSS
5.2%
CVE-2022-29138 HIGH PATCH This Week

Windows Clustered Shared Volume Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-29135 HIGH PATCH This Week

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-29126 HIGH PATCH This Week

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +6
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-29125 HIGH PATCH This Week

Windows Push Notifications Apps Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-29106 HIGH PATCH This Week

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-26939 HIGH PATCH This Week

Storage Spaces Direct Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Windows Server Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-26938 HIGH PATCH This Week

Storage Spaces Direct Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Windows Server Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-23279 HIGH PATCH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2022
NVD
CVSS 3.1
7.0
EPSS
4.9%
CVE-2022-22016 HIGH PATCH This Week

Windows PlayToManager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +2
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-20118 HIGH This Week

In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20007 HIGH PATCH This Week

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-20006 HIGH This Week

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Race Condition Privilege Escalation Java Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20009 MEDIUM PATCH This Month

In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29134 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29123 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29122 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29121 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29120 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29112 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-26940 MEDIUM PATCH This Month

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Remote Desktop Client Windows 11 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-26936 MEDIUM PATCH This Month

Windows Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2022-26935 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22015 MEDIUM PATCH This Month

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Remote Desktop Client Windows 10 Windows 11 +7
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-20010 MEDIUM PATCH This Month

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-24041 MEDIUM This Month

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Desigo Pxc5 Firmware Desigo Pxc4 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-24040 MEDIUM This Month

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Desigo Pxc5 Firmware Desigo Pxc4 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1567 MEDIUM This Month

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP XSS Wp Js
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-30278 MEDIUM This Month

A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Black Duck Hub
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-26925 MEDIUM KEV PATCH THREAT This Month

Windows LSA Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD
CVSS 3.1
5.9
EPSS
10.5%
CVE-2022-22713 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.6).

Denial Of Service Microsoft Windows 10 Windows Server
NVD
CVSS 3.1
5.6
EPSS
0.7%
CVE-2022-29140 MEDIUM PATCH This Month

Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +3
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29114 MEDIUM PATCH This Month

Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-29102 MEDIUM PATCH This Month

Windows Failover Cluster Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-26933 MEDIUM PATCH This Month

Windows NTFS Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-26930 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-22011 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-20121 MEDIUM This Month

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20119 MEDIUM This Month

In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20117 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20115 MEDIUM PATCH This Month

In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20112 MEDIUM This Month

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20011 MEDIUM PATCH This Month

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Java Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-1431 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-0866 MEDIUM This Month

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Openstack Platform Wildfly
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-29116 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).

Race Condition Microsoft Information Disclosure Windows 11
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2022-20008 MEDIUM This Month

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.4%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy