Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-44681 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-44680 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-44679 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2022-44678 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-44677 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2022-44675 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2022-44674 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2022-44673 | 1 Microsoft | 4 Windows 10, Windows 7, Windows 8.1 and 1 more | 2024-11-21 | N/A | 7.0 HIGH | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
| CVE-2022-44671 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-44668 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Media Remote Code Execution Vulnerability |
| CVE-2022-44667 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Media Remote Code Execution Vulnerability |
| CVE-2022-44666 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Contacts Remote Code Execution Vulnerability |
| CVE-2022-44646 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 2.2 LOW | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings |
| CVE-2022-44623 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.5 MEDIUM | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings |
| CVE-2022-44611 | 1 Intel | 596 Atom X6200fe, Atom X6200fe Firmware, Atom X6211e and 593 more | 2024-11-21 | N/A | 6.9 MEDIUM | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-44589 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | N/A | 8.1 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login: from n/a through 5.6.1. |
| CVE-2022-44584 | 1 Watchtowerhq | 1 Watchtower | 2024-11-21 | N/A | 9.1 CRITICAL | Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. |
| CVE-2022-44535 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2024-11-21 | N/A | 8.8 HIGH | A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could allow an attacker to achieve administrative privilege on the web-management interface leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConne ... |
| CVE-2022-44534 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2024-11-21 | N/A | 7.2 HIGH | A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrato ... |
| CVE-2022-43951 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | N/A | 5.3 MEDIUM | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. |
| CVE-2022-43928 | 1 Ibm | 1 Db2 Mirror For I | 2024-11-21 | N/A | 4.9 MEDIUM | The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. |
| CVE-2022-43906 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | N/A | 3.1 LOW | IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. |
| CVE-2022-43903 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | N/A | 4.3 MEDIUM | IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894. |
| CVE-2022-43902 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | N/A | 6.5 MEDIUM | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. |
| CVE-2022-43889 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 5.3 MEDIUM | IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240452. |
| CVE-2022-43873 | 1 Ibm | 1 Spectrum Virtualize | 2024-11-21 | N/A | 6.3 MEDIUM | An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847. |
| CVE-2022-43868 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2024-11-21 | N/A | 5.3 MEDIUM | IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. |
| CVE-2022-43849 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170. |
| CVE-2022-43848 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169. |
| CVE-2022-43831 | 1 Ibm | 1 Spectrum Scale Container Native Storage Access | 2024-11-21 | N/A | 7.4 HIGH | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. |
| CVE-2022-43782 | 1 Atlassian | 1 Crowd | 2024-11-21 | N/A | 9.8 CRITICAL | Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x. ... |
| CVE-2022-43767 | 1 Siemens | 48 Simatic Cp 1242-7 V2, Simatic Cp 1242-7 V2 Firmware, Simatic Cp 1243-1 and 45 more | 2024-11-21 | N/A | 7.5 HIGH | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0X ... |
| CVE-2022-43747 | 1 Baramundi | 1 Management Suite | 2024-11-21 | N/A | 7.5 HIGH | baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. This also is fixed in baramundi Management Suite 2022 R2. |
| CVE-2022-43677 | 1 Free5gc | 1 Free5gc | 2024-11-21 | N/A | 5.5 MEDIUM | In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. |
| CVE-2022-43406 | 1 Jenkins | 1 Groovy Libraries | 2024-11-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43405 | 1 Jenkins | 1 Groovy Libraries | 2024-11-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43404 | 1 Jenkins | 1 Script Security | 2024-11-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43403 | 1 Jenkins | 1 Script Security | 2024-11-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43402 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
| CVE-2022-43401 | 1 Jenkins | 1 Script Security | 2024-11-21 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |