Total
15186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22997 | 2 Linux, Westerndigital | 5 Linux Kernel, My Cloud Home, My Cloud Home Duo and 2 more | 2024-11-21 | 7.5 HIGH | 6.8 MEDIUM |
|
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
|
|||||
| CVE-2022-22973 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
|
|||||
| CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
|
|||||
| CVE-2022-22964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
|
|||||
| CVE-2022-22962 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.
|
|||||
| CVE-2022-22961 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
|
|||||
| CVE-2022-22959 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
|
|||||
| CVE-2022-22958 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
|
|||||
| CVE-2022-22957 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
|
|||||
| CVE-2022-22956 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
|
|||||
| CVE-2022-22955 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
|
|||||
| CVE-2022-22496 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Server, Linux Kernel and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.
|
|||||
| CVE-2022-22494 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.
|
|||||
| CVE-2022-22493 | 2 Ibm, Linux | 2 Websphere Automation For Ibm Cloud Pak For Watson Aiops, Linux Kernel | 2024-11-21 | N/A | 8.8 HIGH |
|
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449.
|
|||||
| CVE-2022-22489 | 3 Ibm, Linux, Microsoft | 3 Mq, Linux Kernel, Windows | 2024-11-21 | N/A | 9.1 CRITICAL |
|
IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339.
|
|||||
| CVE-2022-22487 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Server, Linux Kernel and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.
|
|||||
| CVE-2022-22485 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
|
|||||
| CVE-2022-22484 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
|
|||||
| CVE-2022-22483 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
|
|||||
| CVE-2022-22480 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.
|
|||||
| CVE-2022-22479 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887.
|
|||||
| CVE-2022-22478 | 6 Apple, Hp, Ibm and 3 more | 7 Macos, Hp-ux, Aix and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.
|
|||||
| CVE-2022-22477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.
|
|||||
| CVE-2022-22473 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.
|
|||||
| CVE-2022-22472 | 2 Ibm, Linux | 2 Spectrum Protect Plus Container Backup And Restore, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the pe ...
Show More |
|||||
| CVE-2022-22462 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 3.7 LOW |
|
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.
|
|||||
| CVE-2022-22461 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.
|
|||||
| CVE-2022-22460 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013.
|
|||||
| CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 6.3 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.
|
|||||
| CVE-2022-22457 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.
|
|||||
| CVE-2022-22456 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 4.2 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004.
|
|||||
| CVE-2022-22454 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server On Cloud, Linux Kernel and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
|
|||||
| CVE-2022-22453 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.
|
|||||
| CVE-2022-22452 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918.
|
|||||
| CVE-2022-22450 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 3.8 LOW |
|
IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.
|
|||||
| CVE-2022-22449 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.
|
|||||
| CVE-2022-22426 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.
|
|||||
| CVE-2022-22424 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.
|
|||||
| CVE-2022-22411 | 2 Ibm, Linux | 2 Spectrum Scale Data Access Services, Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016.
|
|||||
| CVE-2022-22409 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.
|
|||||