Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23255 | 1 Microsoft | 1 Onedrive | 2024-11-21 | 4.6 MEDIUM | 5.9 MEDIUM |
|
Microsoft OneDrive for Android Security Feature Bypass Vulnerability
|
|||||
| CVE-2022-23254 | 1 Microsoft | 1 Powerbi-client Js Sdk | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Microsoft Power BI Information Disclosure Vulnerability
|
|||||
| CVE-2022-23253 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
|
|||||
| CVE-2022-23252 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Microsoft Office Information Disclosure Vulnerability
|
|||||
| CVE-2022-23238 | 5 Canonical, Centos, Linux and 2 more | 5 Ubuntu Linux, Centos, Linux Kernel and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.
|
|||||
| CVE-2022-23235 | 1 Netapp | 1 Active Iq Unified Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
|
|||||
| CVE-2022-23233 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service.
|
|||||
| CVE-2022-23232 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directo ...
|
|||||
| CVE-2022-23171 | 2 Atlasvpn, Microsoft | 2 Atlasvpn, Windows | 2024-11-21 | 9.0 HIGH | 5.9 MEDIUM |
|
AtlasVPN - Privilege Escalation. Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a Windows computer where the AtlasVPN client is installed.
|
|||||
| CVE-2022-23167 | 1 Amodat | 1 Amodat | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
|
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini. The LFI is unauthenticated.
|
|||||
| CVE-2022-23142 | 1 Zte | 2 Zxen Cg200, Zxen Cg200 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
|
|||||
| CVE-2022-23067 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using these tokens the attacker can access the user’s account.
|
|||||
| CVE-2022-23002 | 1 Westerndigital | 1 Sweet B | 2024-11-21 | N/A | 5.3 MEDIUM |
|
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
|
|||||
| CVE-2022-22973 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
|
|||||
| CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
|
|||||
| CVE-2022-22969 | 2 Oracle, Pivotal | 2 Communications Design Studio, Spring Security Oauth | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client application ...
|
|||||
| CVE-2022-22966 | 1 Vmware | 1 Vcloud Director | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
|
|||||
| CVE-2022-22964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
|
|||||
| CVE-2022-22955 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
|
|||||
| CVE-2022-22953 | 1 Vmware | 1 Vmware Hcx | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
|
|||||
| CVE-2022-22938 | 2 Microsoft, Vmware | 3 Windows, Horizon, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2022-22930 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
|
|||||
| CVE-2022-22916 | 1 Zoneland | 1 O2oa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
|
|||||
| CVE-2022-22891 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.
|
|||||
| CVE-2022-22847 | 1 Formpipe | 1 Lasernet | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).
|
|||||
| CVE-2022-22846 | 1 Dnslib Project | 1 Dnslib | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.
|
|||||
| CVE-2022-22833 | 1 Servisnet | 1 Tessa | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
|
|||||
| CVE-2022-22817 | 2 Debian, Python | 2 Debian Linux, Pillow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
|
|||||
| CVE-2022-22814 | 1 Asus | 1 Myasus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
|
|||||
| CVE-2022-22793 | 1 Cybonet | 1 Pineapp Mail Secure | 2024-11-21 | 5.0 MEDIUM | 6.1 MEDIUM |
|
Cybonet - PineApp Mail Relay Local File Inclusion. An attacker can send a request to: /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCODED PATH and, by doing that, read local files on the server.
|
|||||
| CVE-2022-22783 | 1 Zoom | 2 Zoom On-premise Meeting Connector Controller, Zoom On-premise Meeting Connector Mmr | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
|
|||||
| CVE-2022-22782 | 1 Zoom | 4 Meetings, Rooms For Conference Rooms, Vdi Windows Meeting Clients and 1 more | 2024-11-21 | 6.6 MEDIUM | 7.9 HIGH |
|
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the use ...
|
|||||
| CVE-2022-22772 | 3 Ibm, Opengroup, Tibco | 3 Z Linux, Unix, Managed File Transfer Platform Server | 2024-11-21 | 8.5 HIGH | 8.5 HIGH |
|
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Man ...
|
|||||
| CVE-2022-22770 | 1 Tibco | 1 Auditsafe | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
|
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
|
|||||
| CVE-2022-22717 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
Windows Print Spooler Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-22712 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
Windows Hyper-V Denial of Service Vulnerability
|
|||||
| CVE-2022-22711 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server 2012 and 3 more | 2024-11-21 | 3.3 LOW | 5.7 MEDIUM |
|
Windows BitLocker Information Disclosure Vulnerability
|
|||||
| CVE-2022-22710 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Windows Common Log File System Driver Denial of Service Vulnerability
|
|||||
| CVE-2022-22709 | 1 Microsoft | 1 Vp9 Video Extensions | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
VP9 Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2022-22676 | 1 Apple | 1 Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.
|
|||||