Total
2183 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23340 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. | |||||
CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | |||||
CVE-2022-22955 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | |||||
CVE-2022-22930 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. | |||||
CVE-2022-22916 | 1 Zoneland | 1 O2oa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. | |||||
CVE-2022-22847 | 1 Formpipe | 1 Lasernet | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). | |||||
CVE-2022-22817 | 2 Debian, Python | 2 Debian Linux, Pillow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. | |||||
CVE-2022-22814 | 1 Asus | 1 Myasus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. | |||||
CVE-2022-22770 | 1 Tibco | 1 Auditsafe | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below. | |||||
CVE-2022-22642 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. | |||||
CVE-2022-22632 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. | |||||
CVE-2022-22544 | 1 Sap | 1 Solution Manager | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. | |||||
CVE-2022-22455 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 9.8 CRITICAL |
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989. | |||||
CVE-2022-22374 | 1 Ibm | 2 Power 9 Ac922, Power 9 Ac922 Firmware | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442. | |||||
CVE-2022-22258 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege. | |||||
CVE-2022-21969 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.7 HIGH | 9.0 CRITICAL |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2022-21907 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
HTTP Protocol Stack Remote Code Execution Vulnerability | |||||
CVE-2022-21901 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2024-11-21 | 7.7 HIGH | 9.0 CRITICAL |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||
CVE-2022-21855 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.7 HIGH | 9.0 CRITICAL |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2022-21849 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability |