Total
35559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31682 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | 4.9 Medium |
| VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. | ||||
| CVE-2022-31675 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | 7.5 High |
| VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | ||||
| CVE-2022-31673 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | 8.8 High |
| VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. | ||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 7.8 High |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | ||||
| CVE-2022-31661 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 7.8 High |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. | ||||
| CVE-2022-31660 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 7.8 High |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | ||||
| CVE-2022-31656 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 9.8 Critical |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | ||||
| CVE-2022-31594 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.7 Medium |
| A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. | ||||
| CVE-2022-31590 | 1 Sap | 1 Powerdesigner Proxy | 2024-11-21 | 7.8 High |
| SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | ||||
| CVE-2022-31478 | 1 Sr.solutions | 1 Usertakeover | 2024-11-21 | 4.3 Medium |
| The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function. | ||||
| CVE-2022-31472 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | ||||
| CVE-2022-31313 | 1 Api-res-py Project | 1 Api-res-py | 2024-11-21 | 9.8 Critical |
| api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. | ||||
| CVE-2022-31282 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
| Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. | ||||
| CVE-2022-31263 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | 5.3 Medium |
| app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | ||||
| CVE-2022-31259 | 1 Beego | 1 Beego | 2024-11-21 | 9.8 Critical |
| The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). | ||||
| CVE-2022-31208 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. | ||||
| CVE-2022-30949 | 1 Jenkins | 1 Repo | 2024-11-21 | 5.3 Medium |
| Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
| CVE-2022-30948 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 7.5 High |
| Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
| CVE-2022-30947 | 1 Jenkins | 1 Git | 2024-11-21 | 7.5 High |
| Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | ||||
| CVE-2022-30943 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | ||||