Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33651 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Azure Site Recovery Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33650 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Azure Site Recovery Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33649 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
|
|||||
| CVE-2022-33648 | 1 Microsoft | 1 Office Online Server | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2022-33647 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Windows Kerberos Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33644 | 1 Microsoft | 1 Windows 10 | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
Xbox Live Save Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33643 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Azure Site Recovery Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33642 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Azure Site Recovery Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33641 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Azure Site Recovery Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33637 | 1 Microsoft | 1 Defender For Endpoint | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Microsoft Defender for Endpoint Tampering Vulnerability
|
|||||
| CVE-2022-33633 | 1 Microsoft | 2 Lync Server, Skype For Business | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Skype for Business and Lync Remote Code Execution Vulnerability
|
|||||
| CVE-2022-33632 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 4.6 MEDIUM | 4.7 MEDIUM |
|
Microsoft Office Security Feature Bypass Vulnerability
|
|||||
| CVE-2022-33127 | 2 Diffy Project, Microsoft | 2 Diffy, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.
|
|||||
| CVE-2022-33085 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
|
|||||
| CVE-2022-33082 | 1 Openpolicyagent | 1 Open Policy Agent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2022-33070 | 2 Fedoraproject, Protobuf-c Project | 2 Fedora, Protobuf-c | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
|
|||||
| CVE-2022-33067 | 1 Long Range Zip Project | 1 Long Range Zip | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.
|
|||||
| CVE-2022-33004 | 1 Pypi | 1 Beginner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-33003 | 1 Pypi | 1 Watools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-33002 | 1 Pypi | 1 Explore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-33001 | 1 Pypi | 1 Aamiles | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-33000 | 1 Pypi | 1 Ml-scanner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-32999 | 1 Pypi | 1 Cloudlabeling | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-32998 | 1 Pypi | 1 Cryptoasset-data-downloader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-32997 | 1 Pypi | 1 Rootinteractive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-32996 | 1 Pypi | 1 Django-navbar-client | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-32974 | 1 Tenable | 1 Nessus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
|
|||||
| CVE-2022-32973 | 1 Tenable | 1 Nessus | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
|
|||||
| CVE-2022-32920 | 1 Apple | 1 Xcode | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.
|
|||||
| CVE-2022-32876 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 3.3 LOW |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.
|
|||||
| CVE-2022-32868 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.
|
|||||
| CVE-2022-32864 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.
|
|||||
| CVE-2022-32854 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2022-32795 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | N/A | 4.3 MEDIUM |
|
This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.
|
|||||
| CVE-2022-32766 | 1 Intel | 2 Compute Stick Stk2mv64cc, Compute Stick Stk2mv64cc Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-32751 | 1 Ibm | 1 Security Verify Directory | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.
|
|||||
| CVE-2022-32742 | 1 Samba | 1 Samba | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
|
|||||
| CVE-2022-32741 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
|
|||||
| CVE-2022-32740 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
|
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
|
|||||
| CVE-2022-32739 | 1 Otrs | 2 Calendar Resource Planning, Otrs | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
|
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
|
|||||